From: <glassfish_at_javadesktop.org>
Date: Fri, 11 Dec 2009 08:40:41 PST

Regarding your use of annotations, review section 13.4 Programmatic Access Control Annotations, in the spec under the jsr 315 download page.

http://jcp.org/aboutJava/communityprocess/final/jsr315/index.html

Shing wai has also provided some example of their use in his blog

http://blogs.sun.com/swchan/entry/follow_up_on_servlet_3

To have the effects of login be session oriented, try calling request.getSession(true) before the call to login (if you have not done so already).
[Message sent by forum member 'monzillo' ]

http://forums.java.net/jive/thread.jspa?messageID=376010